Lock and key devices have been used by mankind for more than 6,000 years. Whether mechanical, electrical, or digital, the concept stays the same: a key is needed to access resources behind a lock. Technology has made incredible progress since then, but one problem remains the same: managing keys.

After installing a lock, you need to answer the question: Who needs a key?

With each key you hand over, the risk of misuse increases.

With each key you withhold, the effort of accessing resources increases.

Balancing these opposing concerns is an important part of managing keys, and it gets more complex with each additional lock.

EC2 Key Pairs

A key is needed to access an EC2 instance over SSH. The key consists of a private key and a public key, which together are called a Key Pair.

You can manage your keys in the AWS Management Console. The following example shows a screenshot of a Key Pair named mykey.

Key management allows you to create, import, and delete multiple keys for use with EC2 instances.

When you launch an EC2 instance, you can select one of your keys to allow SSH access. AWS will then add that key to your instance. The last step when starting an EC2 instance via the AWS Management Console is shown in the following screenshot.

In this case, the Key Pair named mykey was chosen. The key mykey is needed when establishing an SSH connection to that EC2 instance.

ssh -i ~/.ssh/mykey ec2-user@52.123.456.789

AWS implemented a secure way to manage the keys used to authenticate when establishing an SSH connection.

This allows you to add the public parts of your Key Pairs to your CloudFormation template. You are able to manage your keys with the help of Infrastructure as Code. The cloud-init script from above is embedded into the CloudFormation template.

The following example shows a CloudFormation template including an EC2 instance.

User Data allows you to deploy a bunch of Key Pairs on an EC2 instance during bootstrapping. CloudFormation and cloud-init simplify the task of creating users and adding the public part of their Key Pairs to an EC2 instance.
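As an added example (not the template or cloud-init script from the original post), this Python script builds a cloud-config that creates one user per person with their public keys, refuses private or malformed key material before it reaches the template, and embeds the result as User Data in a CloudFormation template. The user names, the resource name Server, the instance type, and the sample key (constructed, all-zero, not a real key) are assumptions.

```python
import base64
import json
import struct

def check_public_key(line):
    """Return the key type of a well-formed OpenSSH public key line, else raise ValueError."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or "PRIVATE KEY" in line:
        raise ValueError("not an OpenSSH public key line")
    key_type, blob_b64 = parts[0], parts[1]
    blob = base64.b64decode(blob_b64, validate=True)  # binascii.Error is a ValueError
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type

def build_user_data(users):
    """users: {name: [public key lines]} -> cloud-config text for User Data."""
    entries = ["default"]  # keep the AMI's default user (e.g. ec2-user)
    for name, keys in sorted(users.items()):
        for key in keys:
            check_public_key(key)
        entries.append({"name": name, "ssh_authorized_keys": [k.strip() for k in keys]})
    # cloud-config is YAML, and JSON is valid YAML, so json.dumps is sufficient.
    return "#cloud-config\n" + json.dumps({"users": entries}, indent=2) + "\n"

def build_template(users):
    """Minimal CloudFormation template (JSON form) with the keys in User Data."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {"ImageId": {"Type": "AWS::EC2::Image::Id"}},
        "Resources": {"Server": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "ImageId": {"Ref": "ImageId"},
                "InstanceType": "t3.micro",  # assumption
                "UserData": {"Fn::Base64": build_user_data(users)},
            }}},
    }

def sample_key(comment):
    """Constructed ed25519 public key line with an all-zero key, for demonstration only."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    users = {"alice": [sample_key("alice@laptop")], "bob": [sample_key("bob@laptop")]}
    print(json.dumps(build_template(users), indent=2))
```

Because the keys live in the template, adding or revoking a person's access becomes a reviewed change to the template. User Data is only processed on first boot by default, so the change takes effect for instances launched after it.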
